
@mailstream/smtp
Installation is managed by npm. The package should be relatively stable soon, so we don't recommend manually building the code from the repo, but that is an option.
    npm install @mailstream/smtp

    import { SMTPServer } from "@mailstream/smtp";

    new SMTPServer((e) => console.log(e)).listen(() => {
      console.log(`Listening`);
    });
See the Type Definitions section for more.
    import fs from "fs";
    import path from "path";
    import { SMTPServer } from "@mailstream/smtp";

    const options = {
      // TLS material is read from disk at startup
      key: fs.readFileSync(
        path.resolve(__dirname, "../server-key.pem")
      ),
      cert: fs.readFileSync(
        path.resolve(__dirname, "../server-cert.pem")
      ),
      ca: fs.readFileSync(
        path.resolve(__dirname, "../server-csr.pem")
      ),
      ip: "0.0.0.0", // listens on all interfaces
      port: 587,
      plugins: [/* ... */],
    };

    new SMTPServer(console.log, options).listen(() => {
      console.log(`Listening on ${options.port}`);
    });
Plugins should follow a specific RFC. The plugin name is dictated by the RFC and is exposed to the client via the EHLO command. Response codes should match the RFC, whereas response messages are human-readable and ignored by the client.
An example plugin, from an imaginary RFC named TESTING that implements the TEST and FAIL commands:
    import { SMTPPlugin } from "@mailstream/smtp";

    const PLUGIN_NAME = "TESTING";
    const PLUGIN_COMMANDS = [
      {
        name: "TEST",
        action: (req, res) => {
          res.send(200, "TEST is working!", req.encoding);
        },
      },
      {
        name: "FAIL",
        action: (req, res) => {
          res.send(500, "FAIL command reported error", req.encoding);
        },
      },
    ];

    export default new SMTPPlugin(PLUGIN_NAME, PLUGIN_COMMANDS);

    import { SMTPServer } from "@mailstream/smtp";
    import TestPlugin from "./TestPlugin";

    const options = {
      port: 25,
      plugins: [TestPlugin],
    };

    new SMTPServer(console.log, options).listen(() => {
      console.log(`Listening on ${options.port}`);
    });
An example plugin, from an imaginary RFC named TESTING that implements the TEST and FAIL commands, with TEST written as an SMTPCommand subclass:
    import { SMTPPlugin, SMTPCommand } from "@mailstream/smtp";

    const PLUGIN_NAME = "TESTING";
    const PLUGIN_TEST_COMMAND = class extends SMTPCommand {
      constructor() {
        super("TEST");
      }

      // just an example, the default is already false
      override shouldEmit = false;

      override validState(req) {
        return Boolean(req.remoteHostname);
      }

      command(req, res) {
        res.send(200, "TEST is working!", req.encoding);
      }
    };

    const PLUGIN_COMMANDS = [
      {
        name: "TEST",
        action: new PLUGIN_TEST_COMMAND(),
      },
      {
        name: "FAIL",
        action: (req, res) => {
          res.send(500, "FAIL command reported error", req.encoding);
        },
      },
    ];

    export default new SMTPPlugin(PLUGIN_NAME, PLUGIN_COMMANDS);

    import { SMTPServer } from "@mailstream/smtp";
    import TestPlugin from "./TestPlugin";

    const options = {
      port: 25,
      plugins: [TestPlugin],
    };

    new SMTPServer(console.log, options).listen(() => {
      console.log(`Listening on ${options.port}`);
    });
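
The plugin contract described above (the plugin name advertised in the EHLO reply, and a command refused until the session state allows it, as `validState` does with `req.remoteHostname`), modelled as a stand-alone added example. It is not code from the package or its README and does not reproduce its internals; `ehloReply`, `dispatch`, `demo`, the plugin object shape, the hostnames and the 501/503 replies are assumptions.

```javascript
// Added illustration; every name here is hypothetical, not @mailstream/smtp's API.
// Constructed plugin: capability keyword TESTING with commands TEST and FAIL.
const testing = {
  name: "TESTING",
  commands: {
    // TEST is only valid once the client has identified itself with EHLO.
    TEST: { validState: (s) => Boolean(s.remoteHostname), run: () => [200, "TEST is working!"] },
    FAIL: { validState: () => true, run: () => [500, "FAIL command reported error"] },
  },
};

// Multi-line SMTP reply (RFC 5321): "250-" on every line except the last, "250 " on the last.
function ehloReply(serverName, plugins) {
  const lines = [serverName, ...plugins.map((p) => p.name)];
  return lines.map((text, i) => (i < lines.length - 1 ? "250-" : "250 ") + text);
}

// Handle one client line; returns the reply lines the server would write.
function dispatch(line, session, plugins) {
  const [verb = "", arg = ""] = line.trim().split(/\s+/);
  const name = verb.toUpperCase();
  if (name === "EHLO") {
    if (!arg) return ["501 EHLO requires a domain"];
    session.remoteHostname = arg;
    return ehloReply("mail.example.test", plugins);
  }
  for (const plugin of plugins) {
    // Own-property lookup so inherited object keys are never treated as commands.
    if (!Object.prototype.hasOwnProperty.call(plugin.commands, name)) continue;
    const cmd = plugin.commands[name];
    // Refuse a command issued in the wrong session state instead of running it.
    if (!cmd.validState(session)) return ["503 Bad sequence of commands"];
    const [code, text] = cmd.run(session);
    return [`${code} ${text}`];
  }
  return ["500 Command not recognized"];
}

// Constructed session transcript: TEST before EHLO, then EHLO, TEST, FAIL, unknown verb.
function demo() {
  const session = {};
  return ["TEST", "EHLO client.example.test", "TEST", "FAIL", "NOPE"]
    .map((l) => dispatch(l, session, [testing]).join(" | "));
}
console.log(demo());
```
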
FAQs
Lightweight SMTP Server for Programmatic Receipt of Emails
We found that @mailstream/smtp demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.